The Linux Kernel

A problem in the way the Linux kernel handles 64-bit file offset pointers can,
under some conditions, be exploited by an attacker to view portions of kernel
memory and gain access to sensitive information, such as the root password. This
problem is reported to affect Linux kernel versions 2.4 through 2.4.26 and 2.6
through 2.6.7.

Users should watch their vendors for an updated version of the Linux kernel.

It is reported that Oracle released, on August 31, 2004, a set of patches to
repair three vulnerabilities and that the patches are available from Oracle's
Metalink web site. Users of affected Oracle products should contact Oracle for
more information.

DB2 Universal Database

IBM's DB2 Universal Database is reported to be vulnerable to two remotely exploitable
buffer overflows. While details have been withheld, a vulnerability of this
type often can be exploited to execute arbitrary code with the permissions of
the account running the database. Versions of DB2 reported to be affected by
this vulnerability are DB2 8.1 Fixpak 6 and older, and DB2 7.x Fixpak 11 and
older.

IBM has released Fixpak 7 for DB2 8.1 and Fixpak 12 for DB2 7.x. Affected users
are encouraged to upgrade as soon as possible.

cfengine

A heap corruption bug has been reported in the RSA authentication code of cfservd.
This bug, under some circumstances, is exploitable by a remote attacker to execute
arbitrary code with root permissions. An additional bug in cfservd may be exploited
as part of a denial-of-service attack against cfengine.

Users of cfengine should watch their vendors for an updated package.

vpopmail

vpopmail is used to manage virtual email domains and non-/etc/passwd email
accounts on a qmail or Postfix mail server. vpopmail is vulnerable to several
SQL injection bugs and, under some conditions, a buffer overflow and a
format-string-based bug. These vulnerabilities may be exploitable by a remote
attacker to execute arbitrary code with the permissions of the user account
running vpopmail.

The developers of vpopmail recommend that users upgrade to the 5.4.6 release
or newer as soon as possible.

MIT Kerberos 5

Problems have been discovered in the KDC utility, the ASN.1 decoder library,
and the krb5 library code in versions of MIT Kerberos 5 earlier than krb5-1.3.5.
Under some conditions, these problems may be exploitable by a remote attacker
to execute arbitrary code with (in many cases) root permissions, or used to conduct
a denial-of-service attack. At this time, no exploits have been published and
the MIT Kerberos 5 development team believes that exploiting these vulnerabilities
would be very difficult.

Users of MIT Kerberos 5 should upgrade to krb5-1.3.5 or newer as soon as possible.

CDE libDtHelp

The libDtHelp library distributed with the Common Desktop Environment (CDE)
contains a buffer overflow vulnerability that can be exploited by a local attacker
to gain root permissions and execute arbitrary commands. The buffer overflow
is in the library code that handles the DTHELPSEARCHPATH and DTHELPUSERSEARCHPATH
environment variables. When exploited in a CDE application that is installed
set-user-ID root, the attacker will gain root permissions.

Affected users should watch their vendors for a repaired version of the CDE
libDtHelp library.

SSHD/Anonymous CVS

Sites allowing anonymous CVS in conjunction with a default install of SSH may
be vulnerable to an attack that uses the SSH port-forwarding functionality to
bounce unauthorized network traffic (for example, spam) through the server.

It is suggested that any site that allows anonymous connections set AllowTcpForwarding
to no in their sshd_config file.
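
An added example (not from the original alert or from OpenSSH): a shell function that checks an sshd_config file against the recommendation above, including Match blocks that turn forwarding back on. It assumes the OpenSSH rules that the first value read for a keyword wins and that an unset AllowTcpForwarding defaults to yes; the function name, the anoncvs account, and the sample file are constructed, and Include files are not followed.

```shell
#!/bin/sh
# audit_forwarding FILE  (constructed helper, not an OpenSSH tool)
# Returns 0 only if AllowTcpForwarding is "no" globally and is never
# re-enabled inside a Match block; prints one line per finding.
audit_forwarding() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            orig = $0
            gsub(/[="]/, " ")                  # accept Keyword=value and quoted values
            key = tolower($1); val = tolower($2)
        }
        key == "match" { scope = orig; sub(/^[ \t]+/, "", scope); next }
        key == "allowtcpforwarding" {
            if (scope == "") {
                if (global == "") global = val # sshd keeps the first value it reads
            } else if (val != "no") {
                printf "FAIL: line %d re-enables forwarding (%s) under \"%s\"\n", NR, val, scope
                bad = 1
            }
        }
        END {
            if (global == "") {
                print "FAIL: AllowTcpForwarding not set; the default is yes"; bad = 1
            } else if (global != "no") {
                printf "FAIL: global AllowTcpForwarding is %s\n", global; bad = 1
            }
            if (!bad) print "OK: TCP forwarding is disabled"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: forwarding is off globally but re-enabled for one account.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
AllowTcpForwarding no
Match User anoncvs
    AllowTcpForwarding yes
EOF
audit_forwarding "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

Run it against the live file with `audit_forwarding /etc/ssh/sshd_config`; any value other than no (including an unset keyword) is reported as a failure.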

Samba

A denial-of-service vulnerability has been announced for all versions of Samba
earlier than 3.0.6 and 2.2.11. This vulnerability is triggered when a Microsoft
Windows XP SP2 client sends a FindNextPrintChangeNotify() request without having
first sent a FindFirstPrintChangeNotify().

The Samba developers have released versions 3.0.6 and 2.2.11 of Samba to mitigate
this problem.

zlib Library

The zlib library is reported to be vulnerable to a denial-of-service attack
in applications linked to the library. The attack is reported to use bugs in
the inflate() and inflateBack() functions.

Affected users should watch their vendors for a repaired version of the zlib
library.

Courier-IMAP

The Courier-IMAP IMAP email server has a format-string-based vulnerability
in its auth_debug() function, when DEBUG_LOGIN is enabled, that can be exploited
by a remote attacker to execute arbitrary code with the permissions of the user
account running Courier-IMAP.

It is recommended that users upgrade to a repaired version of Courier-IMAP
as soon as possible.

Python

A buffer overflow in the Python programming language's DNS handling function
getaddrinfo() may be exploitable under some conditions and result in arbitrary
code being executed. Python is only vulnerable when IPv6 is disabled.

Users should watch their vendors for a repaired version of Python or upgrade
to Python 2.2.2 or newer.